I just upgraded oprofile on all our machines.
Sean

On Sat, Jun 4, 2011 at 11:09 AM, Luciano Bello <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ---------------------------------------------------------------------------
> Debian Security Advisory DSA 2254-1                    [email protected]
> http://www.debian.org/security/                               Luciano Bello
> June 3, 2011                           http://www.debian.org/security/faq
> - ---------------------------------------------------------------------------
>
> Package        : oprofile
> Vulnerability  : command injection
> Problem type   : local
> Debian-specific: no
> Debian bug     : 624212
> CVE ID         : CVE-2011-1760
>
> OProfile is a performance profiling tool which is configurable by opcontrol,
> its control utility. Stephane Chauveau reported several ways to inject
> arbitrary commands in the arguments of this utility. If a local unprivileged
> user is authorized by sudoers file to run opcontrol as root, this user could
> use the flaw to escalate his privileges.
>
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 0.9.3-2+lenny1.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 0.9.6-1.1+squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version 0.9.6-1.2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.9.6-1.2.
>
> We recommend that you upgrade your oprofile packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: [email protected]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk3qdL0ACgkQHYflSXNkfP/FlACeJhDQcRMuQHvWHa25HnSdMECy
> T90An1FejDYdiCPVthcunO2YytGOzc6e
> =Weyj
> -----END PGP SIGNATURE-----
>
